<?php

// Refuse direct HTTP access: this file is only meant to be loaded by the
// application bootstrap, which defines IN_NOVA before including it.
if( !defined( 'IN_NOVA' ) ) {
	exit( 'Access Denied!' );
}

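/**
 * Admin login controller: handles the login/logout actions and renders the
 * login form.
 *
 * Relies on the globals $user, $cache and $request, the translation helper
 * L(), and the constants APP_PREFIX, APP_PATH and (optionally)
 * SUPER_PASSWORD, all of which are defined outside this file.
 */
class Login {

	/**
	 * Dispatch on the "p" request parameter.
	 *
	 * - "login":  verify the account credentials (unless the current user is
	 *             already an admin) and the optional super password, then mark
	 *             the session as user_group 10 and echo the success fragment.
	 * - "logout": log the user out and drop user_group from the session.
	 * - default:  promote an already-admin user straight away when no super
	 *             password is configured, otherwise render the login form.
	 *
	 * The "login" branch answers an AJAX form post; the page script compares
	 * the response with the exact success fragment, so that string must not
	 * change.
	 */
	public function start() {
		global $user,$cache,$request;

		switch( $request->get( 'p' ) ) {
		case 'login':
			if( !$user->is_admin() ) {
				$username = $request->get( 'username', 'P' );
				$password = $request->get( 'password', 'P' );
				if( $username == NULL || $password == NULL || $user->login( $username, $password ) != 1 ){
					echo '<p class="error">' . L( '_LOGIN_FAIL_' ) . '</p>';
					return;
				}
				// NOTE(review): user_group 10 is granted below to whoever passes
				// $user->login(); whether login() succeeds only for administrators
				// is not visible from this file. Confirm, or re-check is_admin()
				// after a successful login.
			}
			if( defined( 'SUPER_PASSWORD' ) && SUPER_PASSWORD != '' ) {
				// NOTE(review): SUPER_PASSWORD is a plain MD5 with APP_PREFIX as a
				// static prefix. Moving to password_hash()/password_verify() needs
				// the stored value regenerated, so it is flagged here, not changed.
				$submitted = strtoupper( md5( APP_PREFIX . $request->get( 'superpassword', 'P' ) ) );
				// A loose != treats two different "0E<digits>" digests as equal
				// numbers, so the comparison must be a strict string comparison.
				if( !$this->secure_equals( SUPER_PASSWORD, $submitted ) ) {
					echo '<p class="error">' . L( '_LOGIN_FAIL_' ) . '</p>';
					return;
				}
			}
			// The original passed the bare word `ohash`, which is a fatal Error on
			// PHP 8 unless a constant of that name exists. Use the constant when
			// it is defined, otherwise the string PHP <= 7 substituted for it.
			$cache_key = defined( 'ohash' ) ? constant( 'ohash' ) : 'ohash';
			$cache->refresh( $cache_key, TRUE );
			// NOTE(review): the session id is not regenerated before the privilege
			// is raised; consider session_regenerate_id( TRUE ) here unless
			// $user->login() already does it.
			$_SESSION['user_group'] = 10;
			echo '<p class="warning">登录成功</p>';
			break;
		case 'logout':
			$user->logout();
			unset( $_SESSION['user_group'] );
			echo 'forbidden';
			break;
		default:
			// If the user is an administrator and no super password is set,
			// authentication succeeds immediately.
			if( $user->is_admin() && ( !defined( 'SUPER_PASSWORD' ) || SUPER_PASSWORD == '' ) ) {
				$_SESSION['user_group'] = 10;
				header('Location: ./');
				return;
			}
			$this->show();
		}
	}

	/**
	 * Compare a stored secret with a submitted value as strings.
	 *
	 * Uses hash_equals() where the runtime provides it (constant-time) and
	 * falls back to a strict === comparison on older PHP versions. Both forms
	 * avoid the numeric-string juggling of == / !=.
	 *
	 * @param mixed $known The expected value (cast to string).
	 * @param mixed $given The value derived from user input (cast to string).
	 * @return bool TRUE when both strings are identical.
	 */
	private function secure_equals( $known, $given ) {
		$known = (string) $known;
		$given = (string) $given;
		if( function_exists( 'hash_equals' ) ) {
			return hash_equals( $known, $given );
		}
		return $known === $given;
	}

	/**
	 * Render the login page.
	 *
	 * $message is emitted as raw HTML inside a <p>, so callers must pass
	 * trusted or already-escaped markup; $type is used as the CSS class and is
	 * escaped for the attribute context here.
	 *
	 * NOTE(review): $cache->config['blogname'] is echoed into <title> and a
	 * link without escaping. Whether it is stored pre-escaped is not visible
	 * from this file; confirm before adding htmlspecialchars() to avoid
	 * double encoding.
	 *
	 * @param string $message Optional HTML message shown above the fields.
	 * @param string $type    CSS class for the message paragraph.
	 */
	private function show( $message = '', $type = '' ) {
		global $cache,$user;
		if( $message != '' ) {
			$message = '<p class="' . htmlspecialchars( $type, ENT_QUOTES, 'UTF-8' ) . '">' . $message . '</p>';
		}
		// Only send the header while that is still possible, rather than
		// silencing the warning with @.
		if( !headers_sent() ) {
			header("content-type: text/html; charset=utf-8");
		}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns = "http://www.w3.org/1999/xhtml" lang = "zh-cn">
<head>
	<meta http-equiv = "content-type" content = "text/html; charset=UTF-8" />
	<meta http-equiv = "content-Language" content = "UTF-8" />
	<title><?php echo L('_ADMIN_LOGIN_') . ' - ' . $cache->config['blogname'] ?></title>
	<link rel = "stylesheet" type = "text/css" href = "include/style.css" />
	<script language="javascript" type="text/javascript" src="include/jquery.js"></script>
	<script language="javascript" type="text/javascript" src="include/jquery.form.js"></script>
	<script language="javascript" type="text/javascript" src="include/admin.js"></script>
</head>
<body id="admin_body">
	<div id="admin_head">
		<span class="left"><?php echo L('_START_'); ?></span>

		<span class="right"><a href="<?php echo APP_PATH ?>../"><?php echo $cache->config['blogname'] ?></a></span>
	</div>
	<div id="admin_loading"><img src="include/loading.gif" /></div>
	<div id="admin_tips" style="visibility:hidden;" onmouseover="msg_onmouseover();" onmouseout="msg_onmouseout();"></div>

	<div id="admin_content">
	<div class = "login_panel">
		<div class = "login_title"><?php echo L('_ADMIN_LOGIN_') ?></div>
		<div class = "login_content">
			<form action="index.php?m=login&p=login" method="post" id="ajax_form">
				<?php echo $message; ?>
				<?php if( !$user->is_admin() ) { ?>
				<p><?php echo L('_USERNAME_') ?> :</p>
				<p><input name="username" type="text" class="input_text" size="20" /></p>
				<p><?php echo L('_PASSWORD_') ?> :</p>
				<p><input name="password" type="password" class="input_text" size="20" /></p>
				<?php
				}
				if( defined( 'SUPER_PASSWORD' ) && SUPER_PASSWORD != '' ) {
				?>
				<p><?php echo L('_SUPER_PASSWORD_') ?> :</p>
				<p><input name="superpassword" type="password" class="input_text" size="20" /></p>
				<?php } ?>
				<p>
					<span style="float:left;"><input type="submit" class="main_button" onclick="$('#admin_loading').fadeIn('slow');" value="<?php echo L('_LOGIN_') ?>" /></span>
					<span class="copyright">Powered By XKLog</span>
				</p>
			</form>
			<script>
				var ohash = null;
				$(document).ready(function(){
					if( $.browser.msie ) {
						showMessage('<p class="error">建议您使用非 IE 内核的浏览器以获得更好的浏览效果</p>');
					}
					$('#ajax_form').ajaxForm(function(data){
						showMessage(data);
						if(data=='<p class="warning">登录成功</p>'){
							document.location.href='./';
						} else {
							$("#admin_loading").fadeOut('slow');;
						}
					});
				});
			</script>
			<div class="fixed"></div>
		</div>
	</div>
	</div>

</body>
</html>
<?php
	}
}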
